Hi
Can anyone explain how storage and security work for a Shiny app? If users can upload a CSV file, what happens to that file after upload? I’m not interested in writing code to check uploaded files—I just want to reassure users that the app is safe and secure, and that no one else can access their uploaded files, including the App developer. Any guidance or best practices would be appreciated.
Running this example might help you understand what happens when a file is uploaded. The datapath column shows that the file is uploaded to a temporary directory that will be deleted when the R session is closed. If you're running your app on shinyapps.io then the container system means that you as a developer wouldn't be able to access the file. However, there is nothing to stop you printing the file contents to the logger, or sending it somewhere via an API which would be invisible to your users. If you were hosting the app on a server you control then there are many other ways in which you could make copies. I am by no means a security expert, and depending on the sensitivity of your users' data you should seek some actual advice if you want to make security guarantees.
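
The upload behaviour described in the answer above, as an added example (not the code the answer refers to, and not from the Shiny project): a small app that shows the upload's metadata, including `datapath`, and deletes the temporary copy right after parsing instead of waiting for the R session to end. The 2 MB limit and the input/output IDs are arbitrary choices made for this sketch.

```r
library(shiny)

# Cap upload size (Shiny's default is 5 MB); 2 MB is an arbitrary choice here.
options(shiny.maxRequestSize = 2 * 1024^2)

ui <- fluidPage(
  fileInput("upload", "Upload a CSV", accept = ".csv"),
  h4("What Shiny records about the upload"),
  tableOutput("meta"),
  h4("Is the temporary copy still on disk?"),
  verbatimTextOutput("on_disk"),
  h4("Preview"),
  tableOutput("preview")
)

server <- function(input, output, session) {
  # Parse once and keep the data in memory for this session only.
  # The temporary copy is removed whether or not parsing succeeds.
  parsed <- reactive({
    req(input$upload)
    path <- input$upload$datapath
    tryCatch(
      read.csv(path, stringsAsFactors = FALSE),
      finally = unlink(path)
    )
  })

  # Columns: name, size, type, datapath (a file under the R session's temp dir).
  output$meta <- renderTable(input$upload)

  output$on_disk <- renderPrint({
    parsed()  # take a dependency so this check runs after parsing
    file.exists(input$upload$datapath)
  })

  output$preview <- renderTable(head(parsed(), 5))
}

shinyApp(ui, server)
```

Deleting the temporary file shortens how long the upload sits on disk; it does not change what the server code itself could do with the parsed contents, which is the point the answer makes about logging and outbound API calls.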